Introduction to Mobile Phone Security

Most people have mobile phones today. In the past these devices were primarily used to call and send text messages. In addition, all mobiles have at least an ability to keep an address book. There is a new generation of mobile devices that come with Internet access, built-in video cameras and the ability to install additional software. These smart phones can be very convenient and provide you with very powerful and useful tools. These phones contain a lot of private data and, unfortunately, a phone can be lost easily. The following chapter deals with some methods to use them more secure.

Security issues with mobile phones

Physical security - A phone can be confiscated or stolen. If you are a journalist, your address book might be of special interest: it can be used just to gain knowledge of your network or for further social engineering. As a minimum safety measure you should always enable some kind of password protection on your phone (not just on your SIM card).

Voice - Although the voice on a GSM (mobile phone) channel is encrypted, this encryption was hacked some time ago and is not considered safe any more. Furthermore, if you do not trust the network(s) you are using it has never been safe. Normal VoIP communications are very insecure as they are not encrypted. Some other VoIP services use some kind of encryption.

SMS - Text messages are sent in plain text over the network, so they are also not considered secure, additionally they are not securely stored at your device, so anyone with access to it will be able to read them. If you are using an Android based phone read the chapter on 'Secure Text Messaging'

Smartphones - Smartphones are quite new, and unfortunately most advanced (and even some basic) ways of securing that are available on normal computers are not available on smartphones. They pose additional risk since you are also using them for things like agendas, and personal note taking. Also not all applications in an appstore or market are safe to use, because there are a considerable number of malware apps on the market which are passing your personal data to other companies. You should always check if the app's you want to use can be trusted. Internet on your mobile device is subject to the same problems as all wireless communications. Read the chapter on VPN for mobile devices to improve this.

Prepaid sim cards - In some countries you are still able to use prepaid locally bought SIMcards without identifying yourself. Beware that your phone also has a unique identifier (known as the IMEI number) so switching SIM cards will will not guarantee to protect your privacy.

The following chapters will deal with different methods that are available today to secure your mobile communications. Note that mobile phone security in particular is developing very fast and users should check out the current status of premier open source efforts like the Guardian Project (guardianproject.info).